Two U.S. senators today proposed new legislation that would require the U.S. government to monitor the cybercrime posture of other countries and deliver assistance -- or sanctions -- to those countries based on the findings.

Senators Kirsten Gillibrand (D-NY) and Orrin Hatch (R-UT) today introduced the International Cybercrime Reporting and Cooperation Act -- a new bill designed to discourage foreign cybercrime and encourage international cooperation among cybercrime law enforcement agencies.

"If we're going to protect our networks, our infrastructure, our economy and our families, we have to go after cyber criminals wherever they may be -- and it must be an international effort," Sen. Gillibrand said.

"Our new legislation will require the president to provide a global assessment, identify threats from abroad, work with other countries to crack down on their own cyber criminals, and urge the President to cut off U.S. assistance and resources for countries that refuse to take responsibility for cybersecurity," Gillibrand explained. "Our legislation will make America safer by getting tough on cybercrime globally, and coordinating with our partners in the international community."

Cisco, HP, Microsoft, Symantec, PayPal, eBay, McAfee, American Express, Mastercard, Visa, and Facebook all stated publicly that they support the legislation.

The bill would require the President to annually report to Congress on the state of countries' use of IT in critical infrastructure, the extent of cybercrime based in each country, the adequacy of each country's cyber law enforcement systems, and countries' protection of consumers and commerce online. The President would also report on multilateral efforts to prevent and investigate cybercrime.

The bill would require that programs designed to combat cybercrime be prioritized to countries with low IT penetration, in order to prevent such countries from becoming future cybercrime havens. Also, initiatives that aid in the development of critical infrastructure would be encouraged to include programs designed to combat cybercrime, "to ensure that such assistance is not inadvertently being used to build future crime havens," the senators said.

The bill would also require the President to identify countries of cyber concern, where there is significant, credible evidence that a pattern of cybercrime against the U.S. government or private entities. Countries that do not sufficiently address cybercrime would be identified through "investigations, prosecutions, bilateral or international cooperation, or appropriate legislation or similar measures."

For each country of cyber concern, the President would establish an action plan with benchmarks designed to assist the government of each country to improve its capacity to combat cybercrime. Countries of cyber concern that do not reach their benchmarks would face restrictions in financing, trade, or other assistance from the U.S..

The bill would also require the Secretary of State to designate a senior official at the State Department to coordinate and focus on activities, policies and opportunities to combat cybercrime internationally.

"Until countries begin to take the necessary steps to fight criminals within their borders, cybercrime havens will continue to flourish," Sen. Hatch said. "We don't have the luxury to sit back and do nothing."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.

Published: 2017-05-09NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.